Enjoy vulnerability fishing, Get recognition for your catches, and DONATE to good causes! Found a security vulnerability related to Fishbrain? Please let us know.
We'll investigate your report quickly and get back to you. We donate to a non-profit organization in the name of each person who reports a valid vulnerability. And you'll get some Fishbrain goodies and have your name on our hall of fame!
rutilus.fishbrain.com
fishbrain.com
link.fishbrain.com
ornatus.fishbrain.com
goldfish.fishbrain.com
staging.fishbrain.com
ornatus.staging.fishbrain.com
Enumeration Bugs (unless they contain critical data)
Medium TLS-related issues
DoS/DDoS Attacks
BruteForce Attacks
Social Engineering
Respect Fishbrain users' privacy. Finders should not access or destroy any user's data.
Be patient. Make a good faith effort to clarify and support our security team requests, if they have any.
Do no harm. Act for the common good when reporting all found vulnerabilities. Never publish them publicly without Fishbrain's permission
Prioritize security. Do our best to resolve reported security issues promptly and transparently.
Respect vulnerability catchers. Give your public recognition for your findings.
Do no harm. Do not inflict harm or take unnecessary measures towards you, like making legal threats or reporting to law enforcement
Make sure the vulnerability is directly related to Fishbrain. We will do our best to help you, but we can't be responsible for issues caused by third parties.
Report the vulnerability safely and discreetly. Get in touch with us as soon as you find a vulnerability, and ensure the details of the vulnerability stay secure and private.
Don't use the vulnerability to affect Fishbrain users negatively. If you've discovered a vulnerability that can negatively affect users, report it to us as soon as possible without testing it.
Please provide us with all the information you have. The more information you send us, the easier it is to verify the validity and urgency of your report. Different mediums, like videos and screenshots, can make the process easier and smoother.
Get in touch with Fishbrain's security team:
security@fishbrain.com
and use the public age key (https://fishbrain.com/age-key.txt).
As soon as we verify the vulnerability you reported, we'll make a donation to non-profit organizations in your name to help to make our planet a better place for both Anglers and Hackers. We'll also send you some of our branded goodies as a simple gratitude gift.